Samsung Galaxy App Store has retained diverse vulnerabilities which can allow local attackers to install applications from the Galaxy App Store without your knowledge, it can be said that the issue could result in improper access control.
Join SFC Nation On Telegram
The other vulnerability of the Samsung Galaxy App Store is improper input validation which could allow local attackers to execute JavaScript by launching a web page. Notably, these CVEs are been discovered by the NCC research group.
Join SFC Nation On Google News
As per the info, the researchers of NCC Group discovered these flaws between November 23 and December 3, 2022. Which has now got fixed with the Samsung Galaxy Store app version 4.5.49.8. The group has also shared technical details for issues with proof-of-concept.
The report further mentions that the Galaxy App Store issue is especially flooding on the devices running Android 12 and below, and the Galaxy smartphones upgraded over Android 13 based One UI 5 have not been affected by this malware as of now.
Two vulnerabilities were uncovered with the Galaxy App Store application:
- Technical Advisory: Improper access control could allow local attackers to install applications from the Galaxy App Store (CVE-2023-21433)
- Technical Advisory: Improper input validation could allow local attackers to execute JavaScript by launching a web page (CVE-2023-21434)
Samsung Galaxy Store is an application store that comes pre-installed on Galaxy smartphones and offers various applications to download for your devices. To remain protected from unwanted viruses keep your app updated to the latest version.
Leave a Reply